If you do this, it will bypass your reverse proxy. What you should do instead is to create a Firewall rule to accept HTTPS:

You should also verify that the pfSense web GUI is not using the same port (443), in System/Advanced/Admin Access. If it is set to HTTP rather than HTTPS that is OK too. Normally access to the web GUI from the WAN is blocked. One other thing: in order to use port 443 in Squid Reverse Proxy General Settings, I set net.inet.ip.portrange.reservedhigh to 0 in System/Advanced/System Tunables.

3. I did this, as well as setting up Exchange in Squid Reverse Proxy General Settings, whereupon OWA worked but remote Outlook and mobile clients did not, or at least not reliably. The main problem was this setting in Squid Reverse Proxy / General:

This must be set to Intermediate rather than Modern (the default).

Now it works – though if pfSense experts out there have better ways to achieve the above I would be interested.

Update: one other thing to check, make sure that your pfSense box can resolve the internal hostname of your Exchange server. By default it may use external DNS servers even if you put internal DNS servers in General Setup. This is because of the setting Allow DNS server list to be overridden by DHCP/PPP on WAN.

6 comments on this post.

Tim:

January 27th, 2017 at 3:40 am

Hi Tim – How did you export the Exchange key such that you were able to import it into pfsense? I’m able to export it using the cert manager but the PFX file is encrypted. Specifically, the environment is SBS2008. Any assistance would be greatly appreciated.

tim:

January 27th, 2017 at 7:56 am

Hi, I used openssl to convert the pfx to PEM format. Then open in Notepad and paste into pfsense. See here for a discussion:

Tim
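The conversion described in the reply above, sketched as an added example that is not part of the original post or its comments: it splits a password-protected PFX into the certificate and private key PEM blocks and confirms the two belong together before anything is pasted into pfSense. The function name, the output file names and the `PFX_PASS` environment variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): split a .pfx export into clean
# PEM blocks and check that the key matches the certificate.
# Usage: export PFX_PASS='...'; pfx_to_pem exchange.pfx ./out
# The password is read from the environment so it does not show up in the
# process list or in shell history as a command-line argument.
pfx_to_pem() {
    pfx=$1; out=$2
    [ -n "${PFX_PASS+set}" ] || { echo "export PFX_PASS first" >&2; return 2; }
    (
        umask 077                      # key.pem must not be group/world readable
        mkdir -p "$out" || exit 1

        # Exports from older Windows servers often use algorithms that
        # OpenSSL 3 only reads with -legacy; probe once and fall back.
        legacy=""
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -noout 2>/dev/null \
            || legacy="-legacy"

        # Piping through x509/pkey drops the "Bag Attributes" header lines,
        # leaving only the PEM block to paste.
        openssl pkcs12 $legacy -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts \
            | openssl x509 -out "$out/cert.pem" || exit 1
        openssl pkcs12 $legacy -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
            | openssl pkey -out "$out/key.pem" || exit 1

        # The public key derived from the private key must equal the one
        # embedded in the certificate.
        c=$(openssl x509 -in "$out/cert.pem" -noout -pubkey) || exit 1
        k=$(openssl pkey -in "$out/key.pem" -pubout) || exit 1
        [ "$c" = "$k" ] || { echo "key does not match certificate" >&2; exit 3; }
    )
}
```

The resulting `key.pem` is unencrypted, so delete it from the workstation once it has been imported.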

Tim:

January 27th, 2017 at 3:49 pm

Thanks for the help!

Tim:

January 27th, 2017 at 10:43 pm

This was all very helpful. My system is up and working. Thanks again for the help!

Frank:

January 29th, 2017 at 9:22 pm

pfsense is not Linux based. It’s based on FreeBSD, which makes it unique.

Tim:

January 30th, 2017 at 4:05 pm

I was seeing a lot of “TCP_MISS/x00 ABORTED” errors in the Squid Access Logs when clients were attempting to access HTTPS sites through Squid. The solution for me was to tick the Services, Squid Proxy Server, Resolve DNS IPv4 First. This option is very useful if you have problems accessing HTTPS sites.